Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	42	46%
Not necessary items	12	13%
	54	59%

File and registry entries that can be both dangerous or safe

Questionable items	8	9%
Unknown items	29	32%
	37	41%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
C:\WINDOWS\System32\smss.exe More info about file smss.exe	Legitimate		Change status
C:\WINDOWS\system32\winlogon.exe More info about file winlogon.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\services.exe More info about file services.exe	Legitimate	In most of cases it is legitimate system process, only sometimes can be used by malicious software	Change status
C:\WINDOWS\system32\lsass.exe More info about file lsass.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\spoolsv.exe More info about file spoolsv.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Creative\Shared Files\CTAudSvc.exe	Unknown	No exact entries found	Insert file into database
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe	Unknown	No exact entries found	Insert file into database
C:\PROGRA~1\AVG\AVG8\avgfws8.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\CTsvcCDA.exe More info about file ctsvccda.exe	Legitimate	Item found in 2-spyware.com library Creative CD-ROM Services tool, started by ctsvccda.exe executable, is a common component of some...	Change status
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe More info about file dkservice.exe	Legitimate	Item found in 2-spyware.com library File dkservice.exe is related to disk defragmenter, known as Diskeeper. This program uses the...	Change status
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe More info about file incdsrv.exe	Legitimate	Item found in 2-spyware.com library Ahead Nero InCD Service. Allows to format writeable CDs and DVDs and use them as regular hard...	Change status
C:\PROGRA~1\AVG\AVG8\avgam.exe	Unknown	No exact entries found	Insert file into database
C:\PROGRA~1\AVG\AVG8\avgrsx.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Java\jre6\bin\jqs.exe	Unknown	No exact entries found	Insert file into database
C:\PROGRA~1\AVG\AVG8\avgnsx.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com library NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
C:\WINDOWS\system32\HPZipm12.exe More info about file hpzipm12.exe	Legitimate	Item found in 2-spyware.com library This is a standard component of Hewlett-Packard device drivers. The presence of this file means,...	Change status
C:\WINDOWS\system32\PnkBstrA.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\PnkBstrB.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe More info about file nsvcip.exe	Legitimate	Item found in 2-spyware.com library nsvcip.exe is part of the ForceWare Network Access Manager for nVidia hardware. Do not terminate...	Change status
C:\WINDOWS\Explorer.EXE More info about file explorer.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\CTXFIHLP.EXE	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\RUNDLL32.EXE More info about file rundll32.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe More info about file superantispyware.exe	Legitimate	Item found in 2-spyware.com library SAS is one of the best as-programs	Change status
C:\Program Files\AVG\AVG8\avgtray.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Logitech\SetPoint\SetPoint.exe More info about file setpoint.exe	Legitimate	Item found in 2-spyware.com library The file is associated with Logitech Mouse/Keyboard application.	Change status
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE	Unknown	No exact entries found	Insert file into database
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE More info about file khalmnpr.exe	Legitimate	Item found in 2-spyware.com library khalmnpr.exe is associated with Logitech Mouse/Keyboard application.	Change status
C:\Program Files\Internet Explorer\iexplore.exe More info about file iexplore.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe More info about file hijackthis.exe	Legitimate	Item found in 2-spyware.com library This is the main component of HijackThis security application, designed to perform system scans and...	Change status
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896	Not necessary	http://go.microsoft.com/fwlink/?LinkId=54896 is your Search Page. If you do not like this fact, fix this item.	Change status
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/	Not necessary	http://msn.com/ is your start page. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157	Not necessary	http://go.microsoft.com/fwlink/?LinkId=69157 is your Default Page URL. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896	Not necessary	http://go.microsoft.com/fwlink/?LinkId=54896 is your Default Search URL. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896	Not necessary	http://go.microsoft.com/fwlink/?LinkId=54896 is your Search Page. If you do not like this fact, fix this item.	Change status
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157	Not necessary	http://go.microsoft.com/fwlink/?LinkId=69157 is your start page. If you do not like this fact, fix this item.	Change status
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =	Not necessary	Fix this item because it points to nowhere	Change status
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =	Not necessary	Fix this item because it points to nowhere	Change status
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll More info about file acroiehelpershim.dll	Legitimate	Application program item according to inner database adobe acrobat activex	Change status
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll More info about file avgssie.dll	Legitimate	Application program item according to inner database Related to AVG Antivirus 8.0	Change status
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll More info about file ssv.dll	Legitimate	System item according to inner database Related to Java Virtual Machine software, which is legitimate.	Change status
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)	Not necessary	Fix this item, because it points to file that cannot be found	Change status
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll More info about file jp2ssv.dll	Legitimate	System item according to inner database	Change status
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll More info about file jqs_plugin.dll	Legitimate	System item according to inner database	Change status
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE More info about file updreg.exe	Legitimate	System item according to inner database Reminder to register with Creative. Comes with some of Creatives sound cards. Located in...	Change status
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE More info about file khalmnpr.exe	Legitimate	Application program item according to inner database khalmnpr.exe is associated with Logitech Mouse/Keyboard application.	Change status
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup More info about file nvcpl.dll	Legitimate	System item according to inner database Related to nVidia cards. NvCpl.dll is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,...	Change status
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install More info about file nwiz.exe	Legitimate	System item according to inner database Nwiz.exe is Related to nVidia graphic cards drivers. Full name - NVIDIA nView Wizard.<br...	Change status
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit More info about file nvmctray.dll	Legitimate	System item according to inner database nVidia graphics cards related. NVMCTRAY.DLL is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,...	Change status
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Application program item according to inner database When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)...	Change status
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe More info about file superantispyware.exe	Legitimate	System item according to inner database SAS is one of the best as-programs	Change status
O4 - HKCU\..\Run: [AVG Tray Monitor] C:\Program Files\AVG\AVG8\avgtray.exe	Unknown	No exact entries found	Insert file into database
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe More info about file setpoint.exe	Legitimate	Application program item according to inner database The file is associated with Logitech Mouse/Keyboard application.	Change status
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL	Not necessary	This item represents extra button in your IE toolbar with a name 'Research' and points to file 'C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe	Not necessary	This item represents extra button in your IE toolbar without name and points to file 'C:\WINDOWS\Network Diagnostic\xpnetdiag.exe'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe	Not necessary	This item represents extra menu item in your Tools menu in IE with a name '@xpsp3res.dll,-20001' and points to file 'C:\WINDOWS\Network Diagnostic\xpnetdiag.exe'. If you do not want it to be there, fix this item.	Change status
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab	Questionable	Are you using an ActiveX object with a name 'System Requirements Lab' located in 'http://www.nvidia.com/content/DriverDownload /srl/3.0.0.0/srl_bin/sysreqlab3.cab'? If not, fix this item.	Change status
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab	Questionable	Are you using an ActiveX object with no name located in 'http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab'? If not, fix this item.	Change status
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB	Questionable	Are you using an ActiveX object with a name 'DyynoX Class' located in 'http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB'? If not, fix this item.	Change status
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls /en/x86/client/wuweb_site.cab?1228907738813	Questionable	Are you using an ActiveX object with a name 'WUWebControl Class' located in 'http://www.update.microsoft.com/windowsupdate/v6/V5Controls /en/x86/client/wuweb_site.cab?1228907738813'? If not, fix this item.	Change status
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688	Questionable	Are you using an ActiveX object with a name 'Java Runtime Environment 1.6.0' located in 'http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688'? If not, fix this item.	Change status
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab	Questionable	Are you using an ActiveX object with a name 'SABScanProcesses Class' located in 'http://www.superadblocker.com/activex/sabspx.cab'? If not, fix this item.	Change status
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab	Questionable	Are you using an ActiveX object with a name 'Creative Software AutoUpdate Support Package' located in 'http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab'? If not, fix this item.	Change status
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll	Questionable	It may be a trace of dangerous protocol hijacker or a legitimate item. Make some research about the name "linkscanner" and file "C:\Program Files\AVG\AVG8\avgpp.dll".	Change status
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL	Unknown	No exact entries found	Change status
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll	Unknown	No exact entries found	Change status
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe More info about file ctsvccda.exe	Legitimate	Item found in 2-spyware.com database. Creative CD-ROM Services tool, started by ctsvccda.exe executable, is a common component of some...	Change status
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe More info about file dkservice.exe	Legitimate	Item found in 2-spyware.com database. File dkservice.exe is related to disk defragmenter, known as Diskeeper. This program uses the...	Change status
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe More info about file incdsrv.exe	Legitimate	Item found in 2-spyware.com database. Ahead Nero InCD Service. Allows to format writeable CDs and DVDs and use them as regular hard...	Change status
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe More info about file nbservice.exe	Legitimate	Item found in 2-spyware.com database. ...	Change status
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe More info about file nsvcip.exe	Legitimate	Item found in 2-spyware.com database. nsvcip.exe is part of the ForceWare Network Access Manager for nVidia hardware. Do not terminate...	Change status
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com database. NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe More info about file hpzipm12.exe	Legitimate	Item found in 2-spyware.com database. This is a standard component of Hewlett-Packard device drivers. The presence of this file means,...	Change status
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe	Unknown	No exact entries found	Insert file into database

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries